On Mon, Oct 3, 2016 at 11:18 AM, Jan Kurik <jkurik@xxxxxxxxxx> wrote: > = Proposed Self Contained Change: BIND version 9.11 = > https://fedoraproject.org/wiki/Changes/BIND_9.11 > > Change owner(s): > * Tomas Hozza <thozza AT redhat DOT com> > * Michal Ruprich <mruprich AT redhat DOT com> > > BIND (Berkeley Internet Name Domain) version 9.11 is the latest stable > major update of the widely used DNS server. Besides new features, some > settings defaults have changed since the previous major version > (9.10). > > == Detailed Description == > FULL BIND 9.11 RELEASE NOTES: > ftp://ftp.isc.org/isc/bind9/9.11.0b3/RELEASE-NOTES-bind-9.11.0b3.txt > > New features > * A new method of provisioning secondary servers called "Catalog > Zones" has been added. > * Added an isc.rndc Python module, which allows rndc commands to be > sent from Python programs. > * Added support for DynDB, a new interface for loading zone data from > an external database, developed by Red Hat for the FreeIPA project. > * New quotas have been added to limit the queries that are sent by > recursive resolvers to authoritative servers experiencing > denial-of-service attacks. > * Added support for dnstap, a fast, flexible method for capturing and > logging DNS traffic. > * A new DNSSEC key management utility, dnssec-keymgr, has been added. > * nslookup will now look up IPv6 as well as IPv4 addresses by default. > * named will now check to see whether other name server processes are > running before starting up. > * Added server-side support for pipelined TCP queries. > * The new mdig command is a version of dig that sends multiple > pipelined queries and then waits for responses, instead of sending one > query and waiting the response before sending the next. > * A new message-compression option can be used to specify whether or > not to use name compression when answering queries. > * When loading a signed zone, named will now check whether an RRSIG's > inception time is in the future, and if so, it will regenerate the > RRSIG immediately. > > Feature changes > * When using native PKCS#11 cryptography (i.e., configure > --enable-native-pkcs11) HSM PINs of up to 256 characters can now be > used. > * Update forwarding performance has been improved by allowing a single > TCP connection to be shared between multiple updates. > * Added support for OPENPGPKEY type. > * Retrieving the local port range from net.ipv4.ip_local_port_range on > Linux is now supported. > * On machines with 2 or more processors (CPU), the default value for > the number of UDP listeners has been changed to the number of detected > processors minus one. > * Zone transfers now use smaller message sizes to improve message > compression. This results in reduced network usage. > * Added support for the AVC resource record type (Application > Visibility and Control). > > == Scope == > Proposal owners: > * Rebase the package to the latest 9.11 minor version and resolve > possible packaging issues. (Also rebuild all currently existing > dependent packages listed below) Any idea if we can move back to building the dhcp package against the latest version and retire bind99? I don't remember the exact bugs we saw against 9.10 with dhcp (although I do vaguely remember some issue that forced the change). _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
